I guess I need to include a flag to give you guys an idea. Below is the flag called “Really Simple Algorithm - Fake it till you make it”.
The Elemantalists want you to forge a signature on the message “Use hashes to mitigate Blind Signing Attacks”. They have thankfully let you send your message to their signing server to have it signed.
You and your friend already set up a blinded signature; now it’s up to you to get the signature on the original message.
You set your random integer r as 211. The server sent you back the information attached.
They want you to give to them a signature on the original message encoded in hex. Just the hex digits without any extra information.
The file they’re given is included below and is named “sign_your_soul_away_here.totally_legit”
Here’s the information you already had.
M=0x5573652068617368657320746f206d6974696761746520426c696e64205369676e696e672041747461636b73
r=149
N=0x82d4e6014be82076b88cb5e27cb61f1a7a87cb7699bf1ef8122e5679ddc672773db4388c1a34373270cc7439
e=0x959b
You sent the server your blinded message M’.
The server replied with the following message.
Your message M’ has been signed and the response S has been given along with your message.
M’=0x97c9c6a365f13fa93bba1f7c79d16aa94dadd8e46cc233c39fa5e61fec2c61a23665ee927f4458a36df9785
S=0x24bfd66e503f667abc89490fa9dc4cd7e1c93041908b1b81a2ec45dfa4da56341467fb32c3c6644de52685c9L
There’s a bonus flag if they can give me what the original message they were encoding was. It’s only worth 15pts but I feel like it’s adequate. The main flag is worth 175pts also if that helps anyone.
That flag is not vulnerable to near primes, small e, small d or similar attacks. Also they’re given the hex values instead of having to decode the actual RSA public key because I don’t know if they’d be able to figure out how to do it w/o some serious nudging and I don’t want them to get frustrated and give up.
P.S.
I should say that they’ll have access to papers like the one attached below in the Canvas Module labeled “Additional Outside Resources”.
https://github.com/133794m3r/Papers/blob/master/RSA_LAB_1.pdf
It’s what it looks like. It’s a paper on common RSA attacks showing you how to do them by hand and some Python code they can copy/paste.
Canvas for those of you not in school or have people in college is basically the Education CMS system that a lot of schools use. It breaks up sections of the course into modules and you can link to files etc. So that document and other papers I’ve written will be there.
The class I’m talking about is the one that’s targeting CEH’s exam objectives.
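The point behind the challenge message, "Use hashes to mitigate Blind Signing Attacks", shown as an added example that is not part of the original post or the challenge files: a signer that applies textbook RSA to whatever integer it receives hands out a valid signature on a blinded message, while a signer that hashes first does not. The key, message and r below are constructed toy values, not the challenge's N, e, M or S, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key from two known Mersenne primes; NOT the challenge's N and e.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

def h(m: int) -> int:
    """SHA-256 of the integer's big-endian bytes, reduced mod N (toy hash-then-sign)."""
    data = m.to_bytes((m.bit_length() + 7) // 8 or 1, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign_raw(m: int) -> int:
    """Weak signer: textbook RSA directly on the submitted integer."""
    return pow(m, D, N)

def sign_hashed(m: int) -> int:
    """Hardened signer: signs the hash of the submitted integer."""
    return pow(h(m), D, N)

def verify_raw(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N

def verify_hashed(m: int, s: int) -> bool:
    return pow(s, E, N) == h(m)

def blind(m: int, r: int) -> int:
    """M' = M * r^e mod N"""
    return (m * pow(r, E, N)) % N

def unblind(s_blinded: int, r: int) -> int:
    """S * r^-1 mod N; equals M^d mod N only when the signer signed M' raw."""
    return (s_blinded * pow(r, -1, N)) % N

def blinded_signature_verifies(sign, verify, m: int, r: int) -> bool:
    """Submit the blinded message, unblind the reply, check it against the original m."""
    return verify(m, unblind(sign(blind(m, r)), r))

M = int.from_bytes(b"blind signing", "big")  # constructed sample message
R = 211                                      # constructed blinding factor, coprime to N

if __name__ == "__main__":
    print("raw signer:   ", blinded_signature_verifies(sign_raw, verify_raw, M, R))
    print("hashed signer:", blinded_signature_verifies(sign_hashed, verify_hashed, M, R))
```

With the raw signer, (M·r^e)^d = M^d·r mod N, so multiplying by r⁻¹ leaves M^d; hashing breaks that multiplicative relation because h(M·r^e) is unrelated to h(M).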